If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Wonderful World of OS Privacy Disclosure

Hey Hey,

So recently on these forums we've seen people attack Microsoft for "phoning home" and relaying personal info... Then we saw the same thing for Apple... even though all apple did was download the latest list of "Approved" widgets (similar to your AV might do, or a PC on automatic update)...

So I just finished instally SuSE 10.1 on my primary desktop (Decided it was time for a change.... I've got an XP VM for all my Windows world things still) and while the install took waaaaaaaaaaaaaaaaaaay to long I was impressed with the software list (although for 6 CDs / 1 DVD I should be) and the hardware support... Let's give a quick rundown on that before I mention this article...

The opening line of the SuSE release notes "Personal information will be relayed back to Novel for the most user-friendly experience possible" "This information includes data returned from the commands: hwinfo and uname".... So for all you linux zealots that were attacking Apple and MS... SuSE is returning my personal information as well... and if I disable that it will provide me with a less than desired user experience..

I just found this rather interesting.

Peace,
HT

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

I've noticed the same thing ... Albeit Suse having great hardware support, I find it way to bloated, and the fact it "needs to phone home" ...Well ... I've installed another distro ... But I think future wise, most "Big" distros (Microsoft, Suse and maybe Redhat) Will be having a "phone home feature" built in ... Afterall ... There's money involved, being it opensource or not.

How is SUSE "Bloated" ? It's a distro on top of the GUI World yet it can be installed on machine from almost 10 years ago and you can install ii on partitions smaller than even Debian..... Errr.... Well something like that, a minimum install is usually 400 MBs.... Anyway, one thing, since this is part of the topic:

How can Windows kids complain about installing SUSE and Linux being hard when Microsoft STILL uses a text mode installer until you get to the configuration part of the install? The installation of Windows looks the sam as it did for Windows 98; You're at a text mode installation tool setting up partitions and then you get a GUI to tell it your time zone, where SUSE uses a GUI the entire time unless you're installing on an old machine where you don't want a GUI or a machine for a server where you don't need one.

And a packet sniffer would most likely show no actual personal info is being sent. It's showing what Hardware you're using and the Kernel. I don't find a problem with this. It allows them to support my hardware better. And I know no one is attacking SUSE. Just wanted to get a few things in here.

HT I know personally has talked to people from Novell and they actually didn't try to screw him out of more money than he needed to spend.

How many people can say they have EVER talked on the phone with a Microsoft sales person and the person said "You actually don't HAVE to buy that, you can buy just one" ?

By the way I didn't attack Apple. I don't see a threat in them collecting info to tell you about GUI stuff.... Anyone who does needs a huge dose of Thorezine.

HT, I haven't messed with the new version enough yet but I have noticed HUGE differences. You can tell they worked hard on it. And things seem to really just work.

And I know personally from talking to the SUSE team that the reason the box itself is different and th books and CD holder are different, is because Novell wanted SUSE to sell for a cheaper price.

The price is 59.99 and I get mine at my door the next day (They know me ).

I have to say that HT~ raises an interesting topic here, so I will have a go at it from a different direction?

If you look at these sorts of discussions on this and other forums, there is always this "personal privacy" thingy............... well all machines that I own and build belong to "P C User" who happens to live at "Home"

Yet we repeatedly complain about the ignorance of the average home user?

1. If the user is ignorant then I will set their machine up so that nothing unnecessary runs, and that as much as possible is automated. I give them a checklist of what to expect to happen, and when. I actually set up the phoning home DELIBERATELY. You CANNOT have the best of both Worlds, if the user is ignorant then the solution HAS to be automation and phoning home?

2. I have no problems with stuff phoning home so long as it is in the overall interests of the user community. I don't mind an applications provider knowing that my machine crashed and enough detail to find out why. Hey! how in hell can we expect them to improve their product without any feedback?.................... doesn't anybody remember the Full Development Lifecycle? the last bit is the Post Implementation Review ( and before you have a dig, HT~ , I have over 20 year's field experience of full lifecycle developments ). IMO, a lot of this phoning home is to check for updates, or an automated form of the Post Implementation Review.

3. What I would complain about would be:

[A] Applications that phoned home with uneccessary detail about my environment.
[B] Applications that did not let me turn off the phoning home, or at least schedule it. They cannot be tested in all scenarios, and two things trying to phone home at the same time might be a cause of systems instability; which of course would be blamed on the windows OS

I definately have no problem with the phoning home... Like nihil I think it's an improvement... I'm probably one of the few people who clicks the submit details to &lt;vendor&gt; button on crashes... It's cool with me.. I just wanted to point this out for the Linux zealots who've trashed MS and Apple about it

It makes you think about the extra traffic being used..

I've got 3 Ubuntu Machines, 1 SuSE, 1 XP and 1 OS X (Plus multiple VMs) checking for updates on a regular basis...All with AV that also checks on a regular basis for updates.. My Mac also checks for "authorized" widgets. MSN, Firefox both check for updates regularly... it's almost inspiring me to define a hosts file for all of these sites... DNS Poisoning and Site redirection are getting too big..

Hell even google bombing when checking for updates... One of the guys at work today noticed the first site that comes up when you search for MS06-022... Instead of being Microsoft.com it's thesource.ofallevil.com redirecting to the Microsoft advisory... there are several advisories that this occurs for.. How safe are we from malicious files being received during these phone home udpates... If google can be poluted why not my DNS servers?

Peace,
HT

IT Blog: .:Computer Defense:.PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

Hell even google bombing when checking for updates... One of the guys at work today noticed the first site that comes up when you search for MS06-022... Instead of being Microsoft.com it's thesource.ofallevil.com redirecting to the Microsoft advisory... there are several advisories that this occurs for.. How safe are we from malicious files being received during these phone home udpates... If google can be poluted why not my DNS servers?

Well that's exactly my point ... With all these OS's and AV and whatnot "calling home" it's easy to loose track of which, what where ... It's a good idea to create a hosts file HTRegz ... But it would be one you'll need to keep an eye on ...As maybe some of the DNS entries for the sites change ...Microsoft for instance ... you'll need to update it ... It won't happen too often probably but it's another overhead ... at home it's no problem ... Another way I see to reduce the phoning home bit on a Windows XP client is to install WSUS (Windows Server Update Service) ... This way you'll keep the "phoning home" bit for the update inside for the client computers ...and you'll only need to keep an eye on 1 machine.

I don't really have a problem with companies gathering info about my hardware and stuff ... But it's like you said ... it holds certain risks doesn't it.

[edit] off topic -- gore ...easy there buddy ... I wasn't attacking SUSE ... I was just stating an opnion, my opinion ... If I find SUSE too bloated, well then that's my prerogative. You should not take opinions as attacks to SUSE or any other distro you like ...jeezzz ... Offcourse I know you can install SUSE with minimum software or whatnot ...But that was not my point... I could take everything you say about Microsoft or any other distro or OS the same way ... But then I would need an extra life to answer all those posts ... Anyway ... never mind [/edit]

I think that there is way too much paranoia in this area. And also a certain amount of double standards being applied?

We have plenty of people come to this site for help. We ask them all sorts of questions about what hardware and software they have, what the did just before, and were doing when the problem started. That information is essential to suggesting a solution.

Again people buy or get free software and have to register it to use it.............. that requires supplying "personal information" and they quite cheerfully do that.

I am personally in favour of software that looks after itself, particularly for non-savvy home users ..................you generally find that commercial versions have the ability to switch off phoning home, as it is expected that updating will take place centrally, and the information will generally have been collected as part of obtaining the group licence.

I sometimes wonder how these people who complain about information regarding their hardware and software can bring themselves to drive an automobile where a lot of "personal information" is immediately visible to anyone who cares to look?

I do believe that you should have the option to schedule things or at least have the option to do them manually. My only reason for this is to avoid potential conflicts, or resolve them when they happen.

If you are really concerned, then set up an "anonymous" e-mail account, use a generic User Name and lie regarding anything else. Set your firewall to ask about outgoing connections, and schedule everything to run on February 29th.

Like HT~ I have no problem with a provider knowing what hardware and operating system I have, what language I use, and what country I live in.

I think that it is good that providers care about this, because it gives them information about their user base that can be taken into account in future releases. As a wild example, do you think that MS would be developing Vista if they thought that 95% of users were running 486's and had no intention of upgrading?

Also like HT~ I have no problems with sending automatic error logs................how else can the guys make their products more robust if they don't get feedback regarding problems?

The only problem I would have would be with software that reported private information such as my personal data files, pictures, documents, music and so on............that IS spyware.